Method for Monitoring, at the Correct Time, TT Ethernet Messages

ABSTRACT

The invention relates to a method for monitoring, at the correct time, TTEthernet (TT) messages communicated by a TTEthernet switch (TTE switch) in a distributed real-time computer system. According to the invention, the TTE switch has a global time having precision P and accuracy A, and the TTE switch has a plurality of communication channels and one or more monitoring channels, and the TTE switch contains a selection data structure that specifies which TT message classes are to be monitored, and a copy of a TT message which belongs to a TT message class selected for monitoring is formed in the TTE switch and is transmitted by the TTE switch via a monitoring channel to a monitoring node, and the TTE switch subsequently autonomously transmits an ET message containing an identifier and the exact transmission time of the monitored TT message via a monitoring channel to a monitoring node.

The invention pertains to a method for the time-correct monitoring ofTTEthernet (TT) messages transmitted by a TTEthernet switch (TTE Switch)in a distributed real-time computer system.

The invention furthermore pertains to a TTEthernet switch (TTE switch)for a distributed real-time computer system, wherein the real-timecomputer system consists of a plurality of node computers and TTEswitches, and wherein the TTE switch transmits TTEthernet (TT) messageswithin the real-time computer system.

The invention furthermore pertains to such a real-time computer system.

In a distributed real-time system composed of a plurality of nodecomputers communicating exclusively via messages, the interface responseof a node computer can be described by the interpreted messages beingreceived and transmitted at this interface. It is therefore advantageousif all messages occurring at an interface can be monitored at theappropriate time without affecting the time response of the system(on-intrusive observation) as indicated in [4]. Experience indicatesthat a non-observable flow of information between the subsystems of alarge system increases the cognitive effort required to understand thefunction of a system and to detect malfunctions [6].

One objective of the invention is to disclose a method as well ashardware, with which in a distributed real-time system in which the nodecomputers communicate via Ethernet messages in a Time-Triggered Ethernetsystem (TTEthernet), the occurring messages can be monitored at thecorrect time without affecting the timing behavior of the system. TheTTEthernet is thereby subject of patents [2] and [3]. The SAE TTEthernetstandard is available on [8].

In a conventional Ethernet system, the time-correct monitoring of themessages is difficult due to the fact that messages may be delayed inthe buffers of the Ethernet switches and that the exact moments in time,at which a message is forwarded, cannot be predicted. In atime-triggered system, in which major actions are derived from theprogression of a global time, the timing response is predictable. Onenecessary precondition for the correct response of a time-triggeredsystem is the availability of a global time in all subsystems of thesystem. The quality of the global time is expressed by the precision ofthe time, such as explained in detail in [7, p.55]. In a large system itis advantageous for the global time to be synchronized to the externaltime standard TAI as distributed by the GPS signal, for example. Thequality of the external synchronization is expressed by the accuracy(A).

The present invention achieves the above-named objective by providingaccording to the invention that the TTE switch exhibits a global timewith the precision P and the accuracy A, and wherein the TTE switch isequipped with a plurality of communication channels and one or multiplemonitoring channels, and wherein the TTE switch contains a selectiondata structure indicating the TT message classes to be monitored, andwherein a copy of a TT message belonging to a message class selected formonitoring is generated inside the TTE switch and sent by the TTE switchvia a monitoring channel to a monitoring node, and wherein the TTEswitch subsequently autonomously sends an ET message containing anidentifier and the exact time of transmission of the monitored TTmessage via a monitoring channel to a monitoring node.

The method disclosed herein (as well as the switch according to theinvention) provides for a Time-Triggered Ethernet (TTE) switch to copy amessage that has been selected for monitoring and to send it via amonitoring channel to a monitoring node. Since the copied message may bedelayed before being sent via the monitoring channel and the time oftransmission of the copied message to the monitoring node does not matchthe time at which the TT message selected for monitoring was forwardedto the recipient, the TTE switch sends immediately after having sent thecopied message an additional message containing a message identifier ofthe copied message and a time stamp showing the time the selectedmonitoring message was sent to the recipient indicated in the message.The TTE switch generates this additional message autonomously. As aresult, a monitoring node is able to sort all of the messages selectedfor monitoring and received from the various TTE switches in precisechronological order.

The problem of monitoring messages being exchanged between thesubsystems of a large system is the subject of several patents. [1](U.S. Pat. No. 5,793,753. Hershey, et al Telecommunications networkmanagement observation and response system, Granted Aug. 11, 1998), forexample, discloses a method allowing the monitoring of message trafficin a large telecommunication system without affecting the timing of themessage traffic (prevention of the probe effect). The problem ofmonitoring at the correct time is not addressed. U.S. patent application[4] (Non-intrusive debugging framework for parallel software based onsuper multi-core) discloses a comprehensive monitoring and debuggingsystem in a multicore system on chip. The innovation in this system isalso the prevention of the probe effect. Subject of U.S. patentapplication [5] (Method and circuit arrangement for the monitoring andmanagement of data traffic in a communication system with severalcommunication nodes.) is the monitoring of the message traffic in a bussystem. In a bus system, the problem addressed in the present patentspecification does not apply since the bus is not able to storemessages.

The present invention discloses a method for the implementation of thetime-correct monitoring of Ethernet messages in a large distributedreal-time system. In order to eliminate the unpredictable delay ofmessages in the memories of an Ethernet switch, the switch generates inaddition to the message that has been selected for monitoring anothermessage indicating the exact time at which the monitored message hasleft the Ethernet switch.

Additional advantageous embodiments of the method according to theinvention and the switch according to the invention are described below:

It is advantageous for the ET message generated autonomously by the TTEswitch to be transmitted after a multiplicity (plurality) of TT messagesselected for monitoring, with the data field of the ET messagecontaining the identifiers and the exact times of transmission of all TTmessages comprising the multiplicity.

It may be expedient for the selection data structure to be loaded intothe TTE switch dynamically.

It may also be advantageous for any change of the selection datastructure to be protected by cryptographic protocols.

It is furthermore advantageous if in addition to the TT messages, ETmessages transmitted by the TTE switch can be selected for monitoring aswell.

It is expedient for the monitoring channel to support a higher bandwidththan the communication channels.

It may be beneficial for all time-derived transmission events to besparse events.

Finally, it is advantageous for each TT message to contain a parameterfield, to which the value of TRUE or FALSE is assigned by a sender ofthe message and whereby a message, in which the parameter field containsthe TRUE value, is copied by the TTE switch and sent to the monitoringchannel, and whereby a message in the parameter field containing theFALSE value is not sent to the monitoring channel.

The present invention is explained with reference to the followingdrawing FIG. 1. This drawing shows the structure of a distributedreal-time system with three processing nodes, one monitoring node andone configuration node.

The distributed real-time computer system represented in FIG. 1 iscomposed of the three node computers 110, 111, 112 which are connectedto the TTE switch 100 via the three communication channels 120, 121,122. The monitoring channel 131 links the TTE switch 100 to themonitoring node 130. The communication channel 141 links the TTE switch100 to the configuration node 150.

Contained in the TTE switch 100 is a selection data structure specifyingthe TT (time-triggered) message classes to be monitored. A TT messageclass is created by a sequence of periodic time-triggered messages withan identical structure. A TT message class can be identified by itsscheduled period and its offset. A single message of a TT message classcan be identified by the scheduled time of transmission. Alternatively,each individual TT message can be identified by the header of theTTEthernet message and the time of transmission.

The selection data structure in the TTE Switch 100 can be changeddynamically from the configuration node 150. In order to ensure theauthenticity and integrity of such change, the data traffic between thenode 150 and the TTE switch 100 can be secured by known cryptographicprotocols (see for example [7, p. 141]).

In a large distributed real-time system, a plurality of node computerscan exchange messages via a plurality of TTE switches. Since all TTEswitches are equipped with a global time base with the precision P andthe accuracy A, it is possible to globally sort the time stampsgenerated by the various TTE switches. If the transmission eventsrepresent sparse events (see [7. p. 62]), all messages in the entiresystem can be sorted consistently.

When many classes of messages in a TTE switch are selected formonitoring, the bandwidth of the monitoring channel may not besufficient to send all monitored messages to the monitoring node.According to the invention, it is therefore useful to dimension thebandwidth of the monitoring channel broader than the bandwidth of thecommunication channels. The bandwidth of the communication channels may,for example, be 100 Mbit/sec, the bandwidth of the monitoring channel,however, 1000 Mbit/sec. Alternatively, multiple monitoring channels inone single TTE switch may be configured as well.

The selection data structure in the TTE switch 100 may also containstandard Ethernet messages, i.e. ET (event-triggered) messages, to bemonitored. This may also apply to Ethernet messages, which areinterpreted according to higher protocol layers like ARINC 664 or IEEE801.1 AV (audio video bridging). These ET messages may be identified,for example, via the header which is part of every Ethernet message.Alternatively, a parameter field may be inserted in the data field of anEthernet message, with the assigned values of TRUE or FALSE. If thevalue of this parameter field contains TRUE, the message shall bemonitored. If the value of this parameter field contains FALSE, themessage shall not be monitored.

The described monitoring method may be implemented in software as wellas in an FPGA chip or in an ASIC chip directly in the hardware.

The detailed description of the invention above represents only one ofmany possible options of implementation.

CITED LITERATURE

[1] U.S. Pat. No. 5,793,753. Hershey, et al. Telecommunications networkmanagement observation and response system. Granted Aug. 11, 1998

[1] U.S. Pat. No. 7,839,868. Kopetz, H. Communication method and systemfor the transmission of time-driven and event-driven Ethernet messages.Granted Nov. 23, 2010.

[3] U.S. Pat. No. 7,979,247 Angelow, et al. Multirouter fortime-controlled communication system. Granted Aug. 23, 2011.

[4] US Pat Application 20110307741. Chen T. F. Non-intrusive debuggingframework for parallel software based on super multi-core.

[5] US Pat Application 20050094674. Zinke, et al. Method and circuitarrangement for the monitoring and management of data traffic in acommunication system with several communication nodes.

[6] Hmelo-Silver, C. E. & M. G. Pfeffer. Comparing Expert and NoviceUnderstanding of a Complex System from the Perspective of Structures,Behaviors, and Functions. Cognitive Science, Elsevier, Vol. 28. (pp.127-138). 2004.

[7] Kopetz, H. Real-Time Systems, Design Principles for DistributedEmbedded Applications. Springer Verlag. 2011.

[8] SAE Standard von TT Ethernet. URL: http://standards.sae.org/as6802

1. Method for the time-correct monitoring of TTEthernet (TT) messagestransmitted by a TTEthernet switch in a distributed real-time computersystem characterized in that the TTE switch is a equipped with a globaltime with the precision P and the accuracy A, and whereby the TTE switchcontains a plurality of communication channels and one or multiplemonitoring channels, and whereby the TTE switch contains a selectiondata structure indicating which TT message classes shall be monitored,and whereby in the TTE switch a copy of a TT message belonging to theselected message class is generated, which is sent by the TTE switch viaa monitoring channel to a monitoring node, and wherein the TTE switchsubsequently autonomously sends an ET message containing an identifierand the exact time of transmission of the monitored TT message via amonitoring channel to a monitoring node.
 2. Method according to claim 1characterized in that the ET message autonomously generated by the TTEswitch is sent after a multiplicity of TT messages selected to bemonitored, whereby the data field of the ET message contains theidentifiers and the exact times of transmission of all TT messagescreating the multiplicity.
 3. Method according to claim 1 characterizedin that the selection data structure is loaded dynamically into the TTEswitch.
 4. Method according to claim 1 characterized in that a change ofthe selection data structure is secured by cryptographic protocols. 5.Method according to one of claims 1 characterized in that in addition tothe TT messages, ET messages being transmitted by the TTE switch canalso be selected for monitoring.
 6. Method according to claim 1characterized in that the monitoring channel supports a higher bandwidththan the communication channels.
 7. Method according to claim 1characterized in that all time-derived transmission events representsparse events.
 8. Method according to claim 1 characterized in thatevery TT message contains a parameter field to which a value of TRUE orFALSE is assigned by a sender, and wherein a message with a parameterfield value of TRUE is copied by the TTE switch and sent to themonitoring channel, and wherein a message with a parameter field valueof FALSE is not sent by the TTE switch to the monitoring channel. 9.TTEthernet switch (TTE switch) for a distributed real-time computersystem, wherein the distributed real-time computer system consists of aplurality of node computers and TTE switches, and wherein the TTE switchtransmits TTEthernet (TT) messages within the distributed real-timecomputer system characterized in that the TTE switch is equipped with aglobal time with the precision P and the accuracy A, and whereby the TTEswitch exhibits a plurality of communication channels and one ormultiple monitoring channels, and whereby the TTE switch contains aselection data structure indicating which TT message classes shall bemonitored, and whereby in the TTE switch a copy of a message belongingto the selected message class is generated, which is sent by the TTEswitch via a monitoring channel to a monitoring node, and wherein theTTE switch subsequently autonomously sends an ET message containing anidentifier and the exact time of transmission of the monitored TTmessage via a monitoring channel to a monitoring node.
 10. TTE switchaccording to claim 9 characterized in that the ET message autonomouslygenerated by the TTE switch is sent after a multiplicity of TT messagesselected to be monitored, whereby the data field of the ET messagecontains the identifiers and the exact times of transmission of all TTmessages creating the multiplicity.
 11. TTE switch according to claim 9characterized in that the selection data structure is loaded dynamicallyinto the TTE switch.
 12. TTE switch according to claim 9 characterizedin that a change of the selection data structure is secured bycryptographic protocols.
 13. TTE switch according to claim 9characterized in that in addition to the TT messages, ET messages beingtransmitted by the TTE switch can also be selected for monitoring. 14.TTE switch according to claim 9 characterized in that the monitoringchannel supports a higher bandwidth than the transmission channels. 15.TTE switch according to claim 9 characterized in that all time-derivedtransmission events represent sparse events.
 16. TTE Switch according toclaim 9 characterized in that every TT message contains a parameterfield to which a value of TRUE or FALSE is assigned by a sender, andwherein a message with a parameter field value of TRUE is copied by theTTE switch and sent to the monitoring channel, and wherein a messagewith a parameter field value of FALSE is not sent by the TTE switch tothe monitoring channel.
 17. Real-time computer system, comprising aplurality of node computers and TTE switches, comprising at least oneTTE switch according to claim
 9. 18. Real-time computer system accordingto claim 17 characterized in that two or multiple TTE switches supportmonitoring channels, whereby the monitoring channels of the TTE switchesare connected to one or multiple monitoring nodes.
 19. Distributedreal-time computer architecture characterized in that in a distributedreal-time computer system according to claim 17 composed of amultiplicity of node computers and TTE switches and in which two ormultiple TTE switches support monitoring channels, the monitoringchannels of the TTE switches are connected to one or multiple monitoringnodes.